Electrical blackouts impacting millions of people in Brazil in 2005 and 2007 were caused by hackers targeting control systems, according to the CBS news magazine 60 Minutes.
(Update: Brazilian Blackout Traced to Sooty Insulators, Not Hackers)
In a show set to air Sunday night, CBS blames a two-day outage in Espirito Santo in 2007 on a hack attack. The blackout affected three million people. Another, smaller blackout north of Rio de Janeiro in January 2005 was also triggered by computer intruders, the network claims.
Reports that hacker-extortionists triggered at least one blackout outside the U.S. first surfaced last year, based on comments made by the CIA’s chief cybersecurity officer, Tom Donahue, who declined to identify any country or the specifics of the alleged attacks. In an interview with Threat Level's Kim Zetter last month, former cybersecurity czar Richard Clarke publicly named Brazil as a hack attack blackout victim for the first time, but didn't go into details.
60 Minutes hasn't distinguished itself with its cyber reporting in the past: the show's alarmist piece on the Conficker botnet showed a picture of a gang of ruthless Russian hackers that turned out to be a bunch of school kids from Finland, and the show's recent report on internet piracy was rank with unchecked Hollywood talking points. Earlier reports from other media sources about hacker-triggered blackouts within the U.S. proved false.
But it seems unlikely that CBS would pin itself to a claim like this – naming specific, and real blackouts – without solid investigative sourcing beyond the usual suspects in the U.S. intelligence community and cyber security vendors. If they were wrong, their claims would be quickly disputed from within Brazil.
So Threat Level will be tuning in Sunday, and beginning Monday may have to be a little less snarky in its Cybarmageddon coverage. We might even have to rethink those Finnish kids.
Update 11-08-09 1:45 pm: The Brazilian government and the local energy company Furnas are denying the CBS News claim, according to today's edition of the Brazilian newspaper Folha. Raphael Mandarino Junior, director of the Homeland Security Information and Communication of the Institutional Security Cabinet of the Presidency, also told the paper he's investigated the claims and found no evidence of hacker attacks.
Update 11-08-09 11:55 pm: The show has aired, and we now know that 60 Minutes' extraordinary hacker blackout claim comes from "half-a-dozen" sources in the military, intelligence and security communities – not one of which is named. That doesn't mean the story is false, but the show did lead with former Bush intel chief Mike McConnell. And, really, if you're sourcing McConnell, you might as well just make it up yourself.
There was no mention in the broadcast that the power company and the Brazilian government dispute the claim.
